# HG changeset patch # User coffeys # Date 1549541357 0 # Thu Feb 07 12:09:17 2019 +0000 # Node ID 6e8be1b860e6df43d4bbb155c433652af67ed96f # Parent 23c77bdc49fccfdfaf48fab43df39ad5caeb91a3 8218553: Enhance keystore load debug output Reviewed-by: weijun diff --git a/src/macosx/classes/apple/security/KeychainStore.java b/src/macosx/classes/apple/security/KeychainStore.java --- a/src/macosx/classes/apple/security/KeychainStore.java +++ b/src/macosx/classes/apple/security/KeychainStore.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -102,6 +102,8 @@ private static final int iterationCount = 1024; private static final int SALT_LEN = 20; + private static final Debug debug = Debug.getInstance("keystore"); + static { AccessController.doPrivileged( new PrivilegedAction() { @@ -771,6 +773,10 @@ entries.clear(); _scanKeychain(); + if (debug != null) { + debug.println("KeychainStore load entry count: " + + entries.size()); + } } } diff --git a/src/share/classes/com/sun/crypto/provider/JceKeyStore.java b/src/share/classes/com/sun/crypto/provider/JceKeyStore.java --- a/src/share/classes/com/sun/crypto/provider/JceKeyStore.java +++ b/src/share/classes/com/sun/crypto/provider/JceKeyStore.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,8 @@ package com.sun.crypto.provider; +import sun.security.util.Debug; + import java.io.*; import java.util.*; import java.security.AccessController; @@ -61,6 +63,7 @@ public final class JceKeyStore extends KeyStoreSpi { + private static final Debug debug = Debug.getInstance("keystore"); private static final int JCEKS_MAGIC = 0xcececece; private static final int JKS_MAGIC = 0xfeedfeed; private static final int VERSION_1 = 0x01; @@ -682,6 +685,7 @@ Hashtable cfs = null; ByteArrayInputStream bais = null; byte[] encoded = null; + int trustedKeyCount = 0, privateKeyCount = 0, secretKeyCount = 0; if (stream == null) return; @@ -728,7 +732,7 @@ tag = dis.readInt(); if (tag == 1) { // private-key entry - + privateKeyCount++; PrivateKeyEntry entry = new PrivateKeyEntry(); // read the alias @@ -788,7 +792,7 @@ entries.put(alias, entry); } else if (tag == 2) { // trusted certificate entry - + trustedKeyCount++; TrustedCertEntry entry = new TrustedCertEntry(); // read the alias @@ -827,7 +831,7 @@ entries.put(alias, entry); } else if (tag == 3) { // secret-key entry - + secretKeyCount++; SecretKeyEntry entry = new SecretKeyEntry(); // read the alias @@ -860,10 +864,18 @@ entries.put(alias, entry); } else { - throw new IOException("Unrecognized keystore entry"); + throw new IOException("Unrecognized keystore entry: " + + tag); } } + if (debug != null) { + debug.println("JceKeyStore load: private key count: " + + privateKeyCount + ". trusted key count: " + + trustedKeyCount + ". secret key count: " + + secretKeyCount); + } + /* * If a password has been provided, we check the keyed digest * at the end. If this check fails, the store has been tampered diff --git a/src/share/classes/sun/security/pkcs11/P11KeyStore.java b/src/share/classes/sun/security/pkcs11/P11KeyStore.java --- a/src/share/classes/sun/security/pkcs11/P11KeyStore.java +++ b/src/share/classes/sun/security/pkcs11/P11KeyStore.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -773,6 +773,8 @@ } if (debug != null) { dumpTokenMap(); + debug.println("P11KeyStore load. Entry count: " + + aliasMap.size()); } } catch (KeyStoreException | PKCS11Exception e) { throw new IOException("load failed", e); diff --git a/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java b/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java --- a/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java +++ b/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java @@ -2152,18 +2152,9 @@ } if (debug != null) { - if (privateKeyCount > 0) { - debug.println("Loaded " + privateKeyCount + - " protected private key(s)"); - } - if (secretKeyCount > 0) { - debug.println("Loaded " + secretKeyCount + - " protected secret key(s)"); - } - if (certificateCount > 0) { - debug.println("Loaded " + certificateCount + - " certificate(s)"); - } + debug.println("PKCS12KeyStore load: private key count: " + + privateKeyCount + ". secret key count: " + secretKeyCount + + ". certificate count: " + certificateCount); } certEntries.clear(); diff --git a/src/share/classes/sun/security/provider/JavaKeyStore.java b/src/share/classes/sun/security/provider/JavaKeyStore.java --- a/src/share/classes/sun/security/provider/JavaKeyStore.java +++ b/src/share/classes/sun/security/provider/JavaKeyStore.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -35,6 +35,7 @@ import sun.misc.IOUtils; import sun.security.pkcs.EncryptedPrivateKeyInfo; import sun.security.pkcs12.PKCS12KeyStore; +import sun.security.util.Debug; /** * This class provides the keystore implementation referred to as "JKS". @@ -73,6 +74,7 @@ } } + private static final Debug debug = Debug.getInstance("keystore"); private static final int MAGIC = 0xfeedfeed; private static final int VERSION_1 = 0x01; private static final int VERSION_2 = 0x02; @@ -642,6 +644,7 @@ Hashtable cfs = null; ByteArrayInputStream bais = null; byte[] encoded = null; + int trustedKeyCount = 0, privateKeyCount = 0; if (stream == null) return; @@ -680,7 +683,7 @@ tag = dis.readInt(); if (tag == 1) { // private key entry - + privateKeyCount++; KeyEntry entry = new KeyEntry(); // Read the alias @@ -729,7 +732,7 @@ entries.put(alias, entry); } else if (tag == 2) { // trusted certificate entry - + trustedKeyCount++; TrustedCertEntry entry = new TrustedCertEntry(); // Read the alias @@ -764,10 +767,16 @@ entries.put(alias, entry); } else { - throw new IOException("Unrecognized keystore entry"); + throw new IOException("Unrecognized keystore entry: " + + tag); } } + if (debug != null) { + debug.println("JavaKeyStore load: private key count: " + + privateKeyCount + ". trusted key count: " + trustedKeyCount); + } + /* * If a password has been provided, we check the keyed digest * at the end. If this check fails, the store has been tampered diff --git a/src/windows/classes/sun/security/mscapi/KeyStore.java b/src/windows/classes/sun/security/mscapi/KeyStore.java --- a/src/windows/classes/sun/security/mscapi/KeyStore.java +++ b/src/windows/classes/sun/security/mscapi/KeyStore.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -45,6 +45,8 @@ import sun.security.action.GetPropertyAction; +import sun.security.util.Debug; + /** * Implementation of key store for Windows using the Microsoft Crypto API. * @@ -186,6 +188,7 @@ private static final String KEYSTORE_COMPATIBILITY_MODE_PROP = "sun.security.mscapi.keyStoreCompatibilityMode"; private final boolean keyStoreCompatibilityMode; + private static final Debug debug = Debug.getInstance("keystore"); /* * The keystore entries. @@ -728,6 +731,11 @@ } catch (KeyStoreException e) { throw new IOException(e); } + + if (debug != null) { + debug.println("MSCAPI keystore load: entry count: " + + entries.size()); + } } /**